Securely Provisioning Resources
This section of CISSP course includes the type and management of provisioning resources. In this part of this tutorial, we’ll take a look at asset and alos securely provisioning resources to help you understand the different aspects of provisioning resources and also asset.
An organization’s information architecture is a dynamic and constantly changing operation. Therefore, organization’s security posture is constantly changing.
Provisioning of various information resources can have important impacts on the organization’s security posture.
At result, security planning and analysis must be an integral part of every organization’s resource provisioning processes, as well as throughout the lifecycle of all resources.
Asset Inventory
Asset inventory brings a method for maintaining an accurate inventory of assets belongs to organizations. Maintaining a complete and accurate inventory is critical.
Asset Inventory is the essential aspect of securing our information systems is knowing what it is that we are protecting. For example, we need to know have how many computers, or how many Ethernet switch.
Asset inventory is the first control found in the well-known CIS 20 Controls.
Another advantage of asset inventory is that – for example – if a vulnerability is identified in a specific version of an application, you can use asset inventory to figure out whether you have any installations of the vulnerable version.
Asset Management
Asset management divided into two main types which are briefly described here:
- Configuration Management: This management works related with system security that will perform tasks like disabling unnecessary services, enabling security capabilities such as firewalls, antivirus, and IDSs or IPSs, and audit logs.
- Baselining: Security baselining is the process of create a snapshot of the current system security configuration. These snapshots can be extremely helpful in responding to a potential security incident.
Vulnerability Management
This management relates to regularly identifying vulnerabilities, evaluating them, and taking steps to mitigate risks associated with vulnerabilities. Of course, it is not possible to eliminate all the vulnerabilities and all the risks, but steps must be taken to reduce them. It is better that organization have an effective vulnerability management program.
Change Management
To maintain operational security, restricted change management or change control process needs to be followed, so that only those requested and approved changes are made.
All changes must be closely tracked and auditable; a detailed change record should be kept.
Audit records allow auditors to verify that change management policies and procedures have been followed.
Some changes can generate problems. For this reason, change management auditing allows operations staff to investigate recent changes in the event of damage.
Configuration Management
This management is useful for standardize a configuration across the devices. Configuration management processes need to be implemented to ensure information resources are operated.
It is recommended that organizations have a Configuration management software .This software- for example – ensures that all computers have antivirus software.
As another example, today many organizations typically implement an automated configuration management database (CMDB) that is part of a system configuration management.
Many configuration management solutions can be used across all Windows, Linux, and Mac computers.